Check an IP Address, Domain Name, Subnet, or ASN

117.175.140.121 was found in our database!

$ whois 117.175.140.121

country·🇨🇳 China

isp·China Mobile Communications Group Co., Ltd.

asn·AS9808

network·Standard

$ sikker risk 117.175.140.121scoring →

confidence

96%Very High

first_seen·Apr 17, 2026

last_seen·1h ago

sessions·25

events·25

$ sikker protocols 117.175.140.121

SSH

9 / 9

HTTP

5 / 5

HTTPS

4 / 4

TELNET

4 / 4

DOCKER

3 / 3

$ sikker summary 117.175.140.121

117.175.140.121 has a threat confidence score of 96%. This IP address from China (AS9808, China Mobile Communications Group Co., Ltd.) has been observed in 25 honeypot sessions targeting SSH, HTTP, HTTPS, TELNET, DOCKER protocols. Detected attack patterns include http mass web rce exploitation scanning. First observed on April 17, 2026, most recently active April 20, 2026.

$ sikker behaviors 117.175.140.121catalog →

highHttp Mass Web Rce Exploitation Scanning5x

Coordinated automated exploitation attempts targeting public-facing web services, including PHPUnit eval-stdin access, PHP-CGI argument injection, Docker API exposure, directory traversal, ThinkPHP invokeFunction abuse, and command execution patterns (wget/curl pipe to shell). Identifies opportunistic bot-driven RCE scanning and framework-specific exploit chaining against internet-exposed applications.

$ sikker primitives 117.175.140.121

http_method_get210 http_php_echo_md5_hello_phpunit_marker185 php_phpunit_md5_marker78 http_body_wget_curl_pipe_to_sh_selfrep10 http_thinkphp_invokefunction_call_user_func_array_md510 http_php_cgi_allow_url_include_auto_prepend_input_injection10 docker_post_method9 https_body_wget_curl_pipe_to_sh_apache_selfrep8 https_php_ini_directive_injection_allow_url_include_auto_prepend_file8 docker_container_exec_path6 telnet_echo_hex_escape_sequence_output6 http_cgi_bin_direct_bin_sh_access5 http_phpunit_eval_stdin_php_path_access5 http_phpunit_license_eval_stdin_path_probe5 http_docker_api_containers_json_path_access5 http_phpunit_util_php_eval_stdin_path_access5 http_root_phpunit_src_eval_stdin_path_access5 http_root_phpunit_util_eval_stdin_path_access5 http_double_vendor_phpunit_eval_stdin_path_probe5 http_phpunit_src_util_php_eval_stdin_path_access5

$ sikker related 117.175.140.121

🇨🇳·More threats fromChina→AS·More threats fromChina Mobile Communications Group Co., Ltd.→SSH·More threats targetingSSH→HTTP·More threats targetingHTTP→HTTP·More threats targetingHTTPS→TELN·More threats targetingTELNET→DOCK·More threats targetingDOCKER→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
36.212.176.143	94%	711
111.7.100.40	60%	718
36.140.67.76	94%	888
112.46.212.180	95%	132
112.46.214.70	88%	3,577

IP Address	Confidence	Events
218.0.56.78	100%	988
218.203.76.173	95%	1,340
14.103.120.124	100%	851
39.107.244.123	81%	30,344
42.51.13.244	93%	515